Computer Security Division
Information Technology Laboratory
National Institute of Standards and Technology

Gaithersburg, MD 2/2/99


REPORT DOCUMENTATION PAGE




1. AGENCY USE ONLY (Leave blank):

2. REPORT DATE: 2/2/1999

3. REPORT TYPE AND DATES COVERED: Report 2/2/1999

4. TITLE AND SUBTITLE: Information Security in a Wireless World

6. AUTHOR(S): Steinauer, Dennis D.

7. PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES):
Information Technology Laboratory
National Institute of Standards and Technology
Gaithersburg, MD

8. PERFORMING ORGANIZATION REPORT NUMBER:

9. SPONSORING / MONITORING AGENCY NAME(S) AND ADDRESS(ES):
National Institute of Standards and Technology
Computer Security Division, Information Technology Laboratory, Gaithersburg, MD

10. SPONSORING / MONITORING AGENCY REPORT NUMBER:

12a. DISTRIBUTION / AVAILABILITY STATEMENT: Approved for public release; Distribution unlimited

12b. DISTRIBUTION CODE:

13. ABSTRACT (Maximum 200 Words):
A briefing that touches on the basic security strategy, emerging technologies, critical information infrastructure elements and emerging security needs as it relates to wireless information security.

14. SUBJECT TERMS: IATAC Collection, wireless security, information security

15. NUMBER OF PAGES:

16. PRICE CODE:

17. SECURITY CLASSIFICATION OF REPORT: UNCLASSIFIED

18. SECURITY CLASSIFICATION OF THIS PAGE: UNCLASSIFIED

19. SECURITY CLASSIFICATION OF ABSTRACT: UNCLASSIFIED

20. LIMITATION OF ABSTRACT: UNLIMITED

NSN 7540-01-280-5500
Standard Form 298 (Rev. 2-89)
Prescribed by ANSI Std. Z39-18
298-102


Information Security

Storage In Transit

Security Services

Emerging Technologies

Critical National Infrastructures

Government Services

Critical Information Infra

Underlying Communications Tec

Emerging Security Needs

Intrusion Detection
Audit & threat monitoring

Critical Infrastructure Protection

Security Technology

Specification-Based T/E

System Survivability

High Assurance Systems

Security for Domain-Specific

(BFRL)

Security for Federal Systems

Agency Assistance

- Protecting their critical infrastructures

- Using advanced security technology

Security Technology

Government-Industry partnership

Basic Information Security Technologies

Test and Evaluation

Audit, Threat Monitoring, Intrusion Detec

Technology Transfer

Balance Computer Security Act, PDD63, and “Traditional” NIST/ITL Roles

NIST IT Security Standards

a record of partnership with Indusi

Cryptographic API’s (Draft FIPS) - X/OPEN

POSIX - FIPS, IEEE, ISO

Minimum Interoperability Specification for PKI Components (MISPC) - NIST SP, IETF

NIST Computer Security Program

and Applications
Key Recovery
Secure Internet Protocols
Criteria and Assurance
Internetworking Security
Security Management

Cryptographic Technology and

ANSI Random Number Generation (co-

Key Recovery

Establish Key Recovery Root CA
Develop Pilot Email Key Recovery System

Public Key Infrastructure

Develop Security Requirements for CA components

Internetworking Security

Security Management and

[anagers Forum

gency Assistance & Collaboration

Criteria and Assurance

Advanced Network Technolo

“Adaptive” Networks

High Assurance Development

Error/Failure Database
Formal Methods

For Additional Info

Internet Engineering Task For

- http://www.ietf.org


